1. Purpose of policy

The purpose of this policy is to plan for, respond to and manage incidents that impact the University and members of the University community. The Critical Incident Management – Governing Policy and supporting procedures are part of the University's broader protection, resilience, and sustainability system.(1) The purpose of this suite of documents is to identify and respond to critical incidents, mitigate the loss of University assets and operations, protect the University’s reputation, reduce the impact on our people, the community and the environment and return to business-as-usual as soon as practical.

Under this policy, all areas of the University are required to have adequate response plans and procedures in place that are relevant for their operational areas and consistent with this Critical Incident Management – Governing Policy and procedures.

2. Policy scope and application

This policy is designed for the management of all incidents that have impacted upon or the potential to impact on the University Community, services and operations, property and the environment. These incidents include both physical actions or hazards and other forms which may cause major reputational damage or loss of University functions or operations. It applies to all USC campuses.

This policy also applies to USC staff and/or students who are hosted at sites operated by Third-Party Providers, visiting other Third-Party Sites and on study tours or work placements.

Sites hosting USC staff and/or students which are operated by Third-Party Providers must have appropriate and effective incident management policies and procedures in place.

3. Definitions

Australasian Inter-Service Incident Management System (AIIMS) – a national system used by all emergency agencies and first responders when organising the managing of a disaster or emergency by function.

Campus – means any campus or site owned or operated by USC.

Comprehensive approach – a risk based systematic approach in managing incidents and emergency events which confront a community. The phases of prevention preparedness response and recovery (PPRR) are not necessarily sequential but comprehensively cover all aspects of planning, collaboration and resource allocation.

Critical Incident –An incident that has a Risk Rating of high or extreme under the University’s Risk Management Framework with a consequence of at least moderate or higher. It requires a focused and concerted response and ongoing management by the Cost Centre Manager in conjunction with the IRT.

Emergency Planning Committee (EPC) – The EPC is established to ensure all applicable legislative requirements are met and sufficient resources (time, finance, equipment and personnel) are provided to enable the development and implementation of emergency (incident) plans in a multi-campus environment. This is a requirement of Australian Standard 3745-2010, Planning for emergencies in facilities. The EPC has broader planning responsibilities under USC’s protection, resilience and sustainability system.

Emergency Control Team – An Incident Response Team that is established in the event of an emergency requiring an immediate response is also known as the Emergency Control Team.

Incident:An incident is an issue that requires a response. An incident may impact on any area of University activity. An incident that is not considered to be critical has a localised containable impact and is unlikely to escalate in severity but requires response and management as part of ongoing business-as-usual.

Incident ResponseTeam (IRT) – A team of specialists that is mobilised to assess and respond to a critical incident that has occurred. An IRT is established with each critical incident which is defined within this policy and its composition will depend on the type of incident requiring action. An IRT that has been established to respond to an emergency is also known as the Emergency Control Team.

Key Management Personnel (KMP) – people with the authority and responsibility for planning, directing and controlling the activities of the University, directly or indirectly, including any director (whether executive or otherwise) of that entity.

Third-Party Providers – Organisations contracted by USC to provider services on its behalf (e.g. Australian Technical and Management College and cloud service providers).

Third-Party Sites – Sites that USC staff or students visit other than USC campuses and Third-Party Providers. This includes sites where staff and students are on work placements or study tours.

University Community – relates to USC students, staff and other stakeholders engaging with the University, including visitors, contractors and volunteers.

4. Policy Statement

USC is vulnerable to a range of events from those with a period of warning to others that occur abruptly. All such incidents are to be assessed according to their Risk Rating which is determined under the principles in USC’s Risk Management Framework. The University will develop and implement systems and processes for appropriate and effective management of incidents. The University will develop these systems and processes in line with State and Federal protocols, relevant standards and legislative requirements.

The University will comply with its reporting and notification requirements in the event of any breaches of relevant legislation, standards or guidelines. This includes but is not limited to privacy requirements, crime and corruption, environmental and health, ethical conduct and student obligations. The University will also comply with its obligations from an insurance reporting perspective.

5. Incident Management Framework

5.1. Emergency planning

The University will establish an Emergency Planning Committee which will ensure that site specific emergency plans and procedures are established covering all campus locations. These plans and procedures will be overseen centrally by Asset Management Services to ensure they are consistent and meet the broad requirements of the University. Where relevant, individual campuses will manage their site-specific procedures that are relevant to their operations.

Emergency Plans and Procedures are to be regularly communicated to staff, students and visitors across each campus so that in the event that an incident requires a response, appropriate procedures can be followed.

5.2. Completion of an incident report

Information must be reported and captured for all types of incidents. All health and safety incidents are to be reported to the relevant supervisor immediately and an incident report is to be submitted to Health, Safety and Wellbeing (HSW). If other areas of the University are impacted by an incident, then a copy of the report must be provided as soon as practicable to this area. Confidentiality must be maintained where appropriate. When an incident involves a student, the Director Student Services and Engagement is informed and provided with a copy of the report. For other types of incidents, these should be reported to the relevant operational area who will follow university escalation and reporting protocols.

5.3. Incident risk assessment

Any incident that occurs is to be evaluated as soon as practicable as to its severity and an appropriate response put in place. Incidents are to be classified in accordance with the University’s Risk Management Framework. The assessment of incidents is to be undertaken by the operational area where the incident occurred or has responsibility for the person(s) involved in the incident. The assessment is made with reference to the consequence tables under the Risk Management Framework.(2) A scalable response will be implemented, depending on the nature and severity of the incident.

5.4. Escalated responses and structures

Incidents that are not determined to be critical are to be managed by the respective areas as part of business-as-usual processes.

All critical incidents must be managed by an IRT, unless it is deemed that an alternative management approach is more appropriate, such as in the case when the incident is confidential or sensitive in nature or where an assessment has been made than at IRT is not required. Incidents that have a moderate consequence may be managed as part of Business As Usual if this is deemed appropriate. The decision to manage the critical incident under an alternative management approach will be made by the Director, Asset Management Services in consultation with the relevant operational area. For student related incidents, the Pro Vice-Chancellor (Students) must be consulted on the management approach.

When an incident has been classified as non-critical, but impacts multiple areas across the University, it may also be appropriate for an IRT to be established that has representation from all impacted areas. The Director, Asset Management Services is to take the lead on establishing and managing an incident through an IRT, however may choose to appoint another area to lead the IRT if this is appropriate. For critical incidents that are emergencies requiring an immediate and coordinated response, the IRT will also become the Emergency Control Team.

The IRT leader is to involve all impacted areas of the University in the management of, and response to the critical incident.

5.5. Incident Management Response Activation

In the event of a critical incident requiring activation of an IRT, the Director, Asset Management Services will inform the relevant Executive Member/s of the incident before convening an IRT. The Vice Chancellor and President is to be informed via the relevant USC Executive Member (or delegate). The Director, Asset Management Services will mobilise resources which will specifically created for the management of the critical incident that has occurred. These resources will form an IRT specifically created for the management of the significant incident that has occurred.

For critical large-scale incidents affecting the region and extending beyond the USC facility boundary, The Director, Asset Management Services in managing a large-scale incident may choose to adopt the AIIMS control system in the planning, response and recovery stage of an incident.

5.6. International students on USC campuses

The Education Services for Overseas Students Act 2000 (ESOS Act) sets out the legal framework governing delivery of education to international students in Australia on a student visa. USC is to comply, specifically with Standards 6.8-6.9 of the National Code of Practice for Providers of Education and Training to Overseas Students 2018.

5.7. Incidents impacting USC staff, students and contractors when located off campus

To ensure there is consistency with USC’s policies and procedures, Asset Management Services is responsible for reviewing incident management and emergency management policies and procedures for facilities of Third-Party Providers prior to entering into an agreement and when there are material changes.

Students and staff involved in an incident occurring domestically at a Third-Party Provider or a Third-Party Site are to follow the incident management procedures of the Provider as appropriate. In the event of an off-campus incident, an incident report is required to be submitted that is relevant for the organisation where the incident occurred. A USC specific incident report is also required to be completed, or a copy of the Third-Party report provided to USC.

In the event that a critical incident occurs involving a staff or student at a Third-Party Provider or on a Third- Party Site, an IRT is to be established so the incident can be managed appropriately.

Students and staff involved in an incident occurring domestically or internally while undertaking placements, study tours and University research are to report any incident that has occurred and follow USC specific policies and procedures.

5.8. Offshore Incidents.

For incidents that occur offshore involving USC staff or students, the approach is collaborative in nature with the nearest consular, foreign government agency or host country organisation being responsible for managing events in their area, as well as any contracted provider. Students and staff involved in an incident occurring offshore are to follow the incident management procedures of the organisation where they are based and complete an incident report that is relevant to that organisation. A USC incident report is also required to be completed. Departments and Faculties are responsible for undertaking risk assessments prior to international travel and for maintaining emergency contact details as part of the pre-departure packages.

5.9 Review of response to critical incidents.

Following the completion of a response to a critical incident, a review is to be undertaken to determine the effectiveness of the response and any improvements that can be made going forward.

6. Communication

The Director of Marketing and External Engagement and USC Strategic Communications are to be notified of every critical incident and to assess whether direct action is needed. The Director, Marketing and External Engagement will be a member of the IRT as appropriate and will have responsibility for an Incident Management Communication Action Plan.

7. Recording, Reporting and Statistics

All incidents are to be maintained in an approved record keeping system where appropriate.

External reporting obligations will be undertaken in compliance with legislation, standards or guidelines that are relevant to the particular incident that has occurred. Internally, critical incidents are to be reported to the Risk Management Committee, the Executive and University Committees as appropriate, with confidential incidents confined to key personnel (Vice Chancellor and President, Director Asset Management Services, the Chief Operating Officer and selected individuals based on the nature and type of incident that has occurred).

8. Training and Emergency Exercises

The EPC will ensure that emergency management personnel have the resources for, and are appropriately trained. The USC emergency response capability will be tested in desktop and field exercises every two years.

9. Authorities/Responsibilities

The following authorities/responsibilities are delegated under this policy:

Activity

University Officer/Committee

Responsible and accountable to the USC Council for Incident Management

Develop, implement, resource and maintain the protection, resilience, and sustainability system, including emergency plan, incident response procedures, and the readiness, training and awareness sessions for all persons responding to incidents and emergencies

Chief Operating Officer

Trained in incident management procedures and prepared to convene an Incident Response Team to evaluate and manage incidents across campuses

Key Management Personnel. Key Management Personnel are required to nominate an appropriate delegate who will be trained to manage an IRT in their absence.

Advise staff within their area of responsibility of this policy and its associated procedures on a regular basis

Cost Centre Managers

Responsible for the administration of the University Critical Incident Management – Governing Policy

Chief Operating Officer

Responsible for assessing incidents that are escalated and advising on the notification requirements.

University Risk Management Committee

Act as Incident Controller for a critical incident or for Local/District Disaster Management responses

Develop and maintain close liaison with relevant Intelligence and Government Agencies, Queensland Police Services, other Emergency Response Services, and Disaster Management Groups to ensure an effective notification, alert, support and response to potential or actual USC incidents. Regulatory relationship management with USC’s regulators (including but not limited to the Office of the Information Commissioner, WorkSafe and the Tertiary Education Quality Standards Agency) remain the responsibility of the designated USC staff member within each relevant area

Coordinator Security & Emergency Management or delegate

Ensure students receive information about this policy and its associated procedures as part of their induction or orientation to the University

Director Student Services and Engagement

Ensure staff receive information about this policy and its associated procedures as part of their induction or orientation to the University

Director, Human Resources

Notified of all student related incidents, informed about all critical student-related incidents, consulted prior to IRT and involved in the management of all critical student related incidents.

Pro Vice-Chancellor (Students)

Ensure staff and students on field trips or study tours are prepared for any incident in terms of orientation, induction, in country briefings, incident responses, host nation contacts, third-party emergency contact in country of activity

Heads of Schools

Notes

(1) The protection, resilience and sustainability system is a set of policies, procedures and plans across incident management and business continuity management.

USC services

Staff-only services

Locations

Pages on the USC website can contain information specific to one, many or all study locations. Make a selection from the options below to control which location-specific information is displayed. All locations are displayed by default.

Sippy Downs

Fraser Coast

SouthBank

Gympie

Noosa

Show all

This page is location-aware

Pages on the USC website can contain information specific to one, many or all study locations. Make a selection in the location settings (accessed via the footer or the button below) to control which location-specific information is displayed. All locations are displayed by default.